Registry
-
class TH.Registry(key: str, value: str, value_data: str, muid: str, client_id: str, logged_user: str, parent_filename: str, parent_md5: str, parent_pid: numpy.int64, child_path: str, child_filename: str, child_md5: str, child_pid: numpy.int64, period: Optional[TH.Core.period.TimePeriod] = TimePeriod())
Bases: Generic[TH.Core.THCollection.T]
Warning
This object is not intended to be created directly; obtain it through the queries provided by upper-level objects.
Class representing a registry key
A registry can be instantiated by providing the following information:
muid: Machine unique identification code of the machine where the registry key operation is performed
key: The registry entry key
value: The registry entry value content
value_data: The registry entry value content
parent_filename: The parent process (name) that modified the registry
parent_md5: The parent process (md5) that modified the registry
parent_pid: The parent process (PID) that modified the registry
logged_user: The user name that performed the registry operation
client_id: The client identification code
period: The current analysis period
-
get_file(period: Optional[TH.Core.period.TimePeriod] = None) → Any
Returns: The process binary file, as an instance of File, that performed the registry operation
-
get_machine(period: Optional[TH.Core.period.TimePeriod] = None) → Any
Returns: The machine, as an instance of Machine, for this registry entry
-
get_process(period: Optional[TH.Core.period.TimePeriod] = None) → Any
Returns: The process, as an instance of Process, that performed the registry operation
-
get_user(period: Optional[TH.Core.period.TimePeriod] = None) → Any
Returns: The user, as an instance of User, that performed the registry operation
-
property data
Returns: The registry entry content
-
property key
Returns: The registry entry key
-
property value
Returns: The registry entry value